HOW CAN BUSINESSES BEST PROTECT THEMSELVES AGAINST BUSINESS PROCESS COMPROMISE (BPC) ATTACKS?

Trend Micro Incorporated, a global leader in cybersecurity solutions, has revealed that 43% of surveyed organisations have been impacted by a Business Process Compromise (BPC). Despite a high incidence of these types of attacks, 50% of management teams still don’t know what they are or how their business would be impacted if they were victimised.

In a BPC attack, criminals look for loopholes in business processes, vulnerable systems and susceptible practices. Once a weakness has been identified, a part of the process is altered to benefit the attacker, without the enterprise or its client detecting the change. If victimised by this type of attack, 85% of businesses would be limited from offering at least one of their business lines.

“We’re seeing more cybercriminals playing the long game for greater reward,” said Rik Ferguson, Vice President of Security Research for Trend Micro. “In a BPC attack, they could be lurking in a company’s infrastructure for months or years, monitoring processes and building up a detailed picture of how it operates.

“From there they can insert themselves into critical processes, undetected and without human interaction. For example, they might re-route valuable goods to a new address, or change printer settings to steal confidential information – as was the case in the well-known Bangladeshi Bank heist.”

Global security teams are not ignoring this risk, with 72% of respondents stating that BPC is a priority when developing and implementing their organisation’s cybersecurity strategy.

However, the lack of management awareness around this problem creates a cybersecurity knowledge gap that could leave organisations vulnerable to attack as businesses strive to transform and automate core processes to increase efficiency and competitiveness.

The most common way for cybercriminals to infiltrate corporate networks is through a Business Email Compromise (BEC). This is a type of scam that targets email accounts of high-level employees related to finance or involved with wire transfer payments, either spoofing or compromising them through key loggers or phishing attacks.

In Trend Micro’s survey, 61% of organisations said they could not afford to lose money from a BEC attack. However, according to the FBI, global losses due to BEC attacks continue to rise, reaching US$12 billion earlier this year.